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DETAILED ACTION 

1 . This action is in response to the amendment filed on 07/08/2008. 

2. Claims 1 , 5, 21 , 25, 38, 41 , 45, 81 , 85 and 96 have been amended. 

3. Claims 2-4, 22-24, 42-44, 61-80 and 82-84 have been canceled. 

4. Claims 1 , 5-21 , 25-41 , 45-60, 81 and 85-98 are pending for consideration. 

Response to Arguments 

5. Applicant's argument with respect to the 35 U.S.C. 1 1 2, second paragraph, 
rejection has been fully considered in view of the amendment filed on 07/08/2008, which 
has been made in record, and the 35 U.S.C. 112, second paragraph, rejection has been 
withdrawn. 

6. Applicant's argument with respect to the 35 U.S.C. 101 rejection has been fully 
considered in view of the amendment filed on 07/08/2008, which has been made in 
record, and the 35 U.S.C. 101 rejection has been withdrawn. 

7. Applicant's arguments filed on 07/08/2008 have been fully considered but they 
are not persuasive. 

Regarding claims 1,21,41 and 81 , Applicants submit that Carter fails to teach a 
time parameter which defines the passage of time perceived by the computer system, 
the passage of time indicated by the time parameter is faster than the actual passage of 
time. 

Examiner respectfully disagrees with Applicant's argument. Examiner notes, the 
limitation "the actual passage of time" is not defined in the claims. Examiner does not 
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know what Applicants mean by that limitation. Examiner will broadly interpret that 
limitation as best understood. Carter discloses a network surveillance and security 
system that uses artificial intelligent to model simulations of logical operations involved 
in securing computers against security threats (Carter: paragraphs 0218, 0256, 0259, 
0261 , 1 1 00 and 1 1 03). Since the passage of time defined by the time parameter in 
Carter reference can be changed by a system call, therefore the time parameter is 
faster than the actual passage of time (Carter: paragraphs 0590, 0595 and 0599). 

Examiner's Note: Examiner has cited particular columns and line numbers in the 
references applied to the claims above for the convenience of the applicant. Although 
the specified citations are representative of the teachings of the art and are applied to 
specific limitations within the individual claim, other passages and figures may apply as 
well. It is respectfully requested from the applicant in preparing responses, to fully 
consider the references in entirety as potentially teaching all or part of the claimed 
invention, as well as the context of the passage as taught by the prior art or disclosed 
by the Examiner. 



Claim Objections 

8. Claim 1 is objected to because of the following informalities: 

The limitation "in which the reference monitor executes the at least one 

parameter" should be changed to "in which the reference monitor executes, the at least 

one parameter". 

Appropriate correction is required. 
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Claim Rejections - 35 USC § 102 

9. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

1 0. Claims 1 , 5-21 , 25-41 , 45-60, 81 and 85-98 are rejected under 35 U.S.C. 1 02(b) 
as being anticipated by Carter et al. (US 2003/0051026) (hereinafter Carter). 

Regarding claims 1,21,41 and 81 , Carter discloses: 

(A) defining at least one security rule specifying whether to allow or deny a 
request to access at least one resource under a given set of circumstances (Carter: See 
Abstract section and paragraphs 0168-0169, 0171, 0258, 0607 and 0802-0803: four 
sets of policies included in the Network Surveillance and Security System that govern 
access to databases (i.e., resource)); 

(B) supplying at least one request to access a resource (Carter: See paragraphs 
0180, 0652 and 0755: A Security Reference Monitor is a hidden controller that makes 
references against the Security Reference Database whenever the Security Reference 
Monitor detects that the Security Authorization Database receives a request for access); 
and 

(C) applying the at least one security rule in response to the at least one request 
to access a resource to determine whether to allow or prevent the at least one request 
(Carter: See paragraphs 0180, 0785 and 0797-0803: the watchdog system may use its 
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own policies to permit or deny access, or it may pass the decision to other components 
of the Network Surveillance and Security System); and 

providing at least one parameter defining a system environment in which the 
reference monitor executes, the at least one parameter includes a time parameter which 
define the passage of time perceived by the computer system, the passage of time 
indicated by the time parameter is faster than the actual passage time (Carter: 
paragraphs 0590, 0595 and 0599). 

Regarding claims 5, 25, 45 and 85, Carter further discloses wherein the passage 
of time indicated by the time parameter enables the computer system to execute the 
reference monitor simulator in an accelerated manner (Carter: See Abstract section and 
paragraph 0306: the invention autonomously alters its security policies in response to 
ongoing events). 

Regarding claims 6, 26 and 46, Carter further discloses (D) assessing the 
effectiveness of the at least one security rule (Carter: paragraphs 0222 and 0260). 

Regarding claims 7, 27, 47 and 86, Carter further discloses wherein assessing 
the effectiveness of the security rule further comprises determining at least one of the 
number of improper access requests prevented and the number of proper access 
requests allowed (Carter: paragraphs 0260, 0606-061 1 and 0802). 

Regarding claims 8, 28, 48 and 87, Carter further discloses wherein assessing 
the effectiveness of the security rule further comprises determining a rate of improper 
requests prevented (Carter: paragraphs 0403 and 041 1-0413). 
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Regarding claims 9, 29 and 49, Carter further discloses wherein (B) further 
comprises an application program supplying the at least one request to access a 
resource (Carter: paragraph 0304). 

Regarding claims 10, 30, 50 and 89, Carter further discloses wherein (B) further 
comprises capturing at least one request to access a resource before supplying the at 
least one request to access a resource (Carter: paragraphs 0172 and 0218). 

Regarding claims 1 1 , 31 , 51 and 90, Carter further discloses wherein a reference 
monitor performs the capture of the at least one request to access a resource (Carter: 
paragraphs 0700 and 0755). 

Regarding claims 12, 32, 52 and 91, Carter further discloses wherein the 
reference monitor which performs the capture of the at least one request to access a 
resource is the same type of reference monitor as the reference monitor whose 
operations are recreated by the reference monitor simulator (Carter: paragraphs 0168- 
0169, 0180, 0700 and 0755-0756). 

Regarding claims 13, 33, 53 and 92, Carter further discloses wherein the 
captured at least one request to access a resource is an improper request (Carter: 
paragraphs 0180 and 0222). 

Regarding claims 14, 34, 54 and 93, Carter further discloses wherein an 
improper request comprises a request issued by an application in response to one of a 
virus and a buffer overrun attack (Carter: paragraphs 0180, 0222 and 0674). 
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Regarding claims 15, 35, 55 and 94, Carter further discloses wherein the 
captured at least one request is modified prior to supplying the at least one request to 
access a resource (Carter: paragraphs 0700 and 0755). 

Regarding claims 16, 36, 56 and 95, Carter further discloses wherein the 
modification is performed by a user (Carter: paragraph 0795). 

Regarding claims 17, 37 and 57, Carter further discloses wherein an electronic 
file system stores the at least one security rule, and wherein (D) further comprises the 
reference monitor simulator accessing the security rule in the electronic file system in 
response to receiving the at least one request to access a resource (Carter: paragraphs 
0260, 0606-061 1 and 0802). 

Regarding claims 18, 38, 58 and 96, Carter further discloses wherein the at least 
one parameter provided to the reference monitor simulator further includes at least one 
of a system clock, a wrapper function, and a timer event (Carter: paragraph 0880). 

Regarding claims 19, 39 and 97, Carter further discloses (E) maintaining 
statistics on the operation of the reference monitor simulator (Carter: paragraphs 0271 
and 0470). 

Regarding claims 20, 40, 60 and 98, Carter further discloses wherein the 
statistics include at least one of the number of requests per resource, number of total 
requests, type of request per resource, total of each type of request, number of queries, 
number of callbacks, number of requests allowed compared to number of requests 
expected, and number of requests prevented compared to number of prevented 
requests expected (Carter: paragraph 0470). 
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Regarding claim 88, this claim has limitations that is similar to those of claim 1 , 
thus it is rejected with the same rationale applied against claim 1 above. 

Conclusion 

1 1 . THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to TRANG DOAN whose telephone number is (571)272- 
0740. The examiner can normally be reached on Monday-Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571 ) 272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Trang Doan/ 
Examiner, Art Unit 2131 
/Syed Zia/ 

Primary Examiner, Art Unit 2131 



